Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Carrier

    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.6
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.9
    5.6.0

    GTP RAT timeout profiles

    GTP RAT timeout profiles

    You can use Radio Access Technology (RAT) timeout profiles to create GTP session timers for different RAT types. A RAT timeout profile can include one or more RAT type timeouts. A RAT timeout profile can be applied to a GTP profile and that GTP profile added to a firewall policy. Then, FortiOS Carrier will impose session timeouts for all GTP sessions according to their RAT type if a timeout for the RAT type has been added to the RAT timeout profile.

    From the CLI, use the following command to add a RAT timeout profile to a GTP profile:

    config firewall gtp

    edit <name>

    set rat-timeout-profile <rat-timeout-profile-name>

    end

    Use the following command to create a RAT timeout profile:

    config gtp rat-timeout-profile

    edit <rat-timeout-profile-name>

    set utran-timeout <timeout>

    set geran-timeout <timeout>

    set wlan-timeout <timeout>

    set gan-timeout <timeout>

    set hspa-timeout <timeout>

    set eutran-timeout <timeout>

    set virtual-timeout <timeout>

    set nbiot-timeout <timeout>

    set ltem-timeout <timeout>

    set nr-timeout <timeout>

    end

    For each of the following timeouts, the range is 0 to 4294967295 seconds. The default is 0, which means no timeout.

    utran-timeout set the GTP session timer for a session with RAT-type = UTRAN.

    geran-timeoutset the GTP session timer for a session with RAT-type = GERAN.

    wlan-timeout set the GTP session timer for a session with RAT-type = WLAN.

    gan-timeout set the GTP session timer for a session with RAT-type = GAN.

    hspa-timeout set the GTP session timer for a session with RAT-type = HSPA.

    eutran-timeout set the GTP session timer for a for a session with RAT-type = EUTRAN.

    virtual-timeout set the GTP session timer for a session with RAT-type = Virtual.

    nbiot-timeout set the GTP session timer for a session with RAT-type = NB-IOT.

    ltem-timeout set the GTP session timer for a session with RAT-type = LTEM.

    nr-timeout set the GTP session timer for a session with RAT-type = NR.

    Example

    The following example shows how to create two RAT type profiles and apply them to different GTP profiles.

    Create two RAT type profiles (the timeouts shown in the examples are not recommended times):

    config gtp rat-timeout-profile

    edit "rat-iot-1"

    set nbiot-timeout 60

    set ltem-timeout 600

    next

    edit "rat-nr-1"

    set nr-timeout 100

    end

    Then you can use the following option to add the RAT type profiles to GTP profiles.

    config fireall gtp

    edit GTP-protile-1

    set rat-timeout-profile "rat-iot-1"

    next

    edit GTP-profile-2

    set rat-timeout-profile "rat-nr-1"

    end

    When GTP-profile-1 is applied, a GTP session with RAT-type=NB-IOT will be released after 60 seconds. When GTP-profile-2 is used, a GTP session with RAT-type=NR will be released after 100 seconds.

    Previous
    Next

    GTP RAT timeout profiles

    GTP RAT timeout profiles

    You can use Radio Access Technology (RAT) timeout profiles to create GTP session timers for different RAT types. A RAT timeout profile can include one or more RAT type timeouts. A RAT timeout profile can be applied to a GTP profile and that GTP profile added to a firewall policy. Then, FortiOS Carrier will impose session timeouts for all GTP sessions according to their RAT type if a timeout for the RAT type has been added to the RAT timeout profile.

    From the CLI, use the following command to add a RAT timeout profile to a GTP profile:

    config firewall gtp

    edit <name>

    set rat-timeout-profile <rat-timeout-profile-name>

    end

    Use the following command to create a RAT timeout profile:

    config gtp rat-timeout-profile

    edit <rat-timeout-profile-name>

    set utran-timeout <timeout>

    set geran-timeout <timeout>

    set wlan-timeout <timeout>

    set gan-timeout <timeout>

    set hspa-timeout <timeout>

    set eutran-timeout <timeout>

    set virtual-timeout <timeout>

    set nbiot-timeout <timeout>

    set ltem-timeout <timeout>

    set nr-timeout <timeout>

    end

    For each of the following timeouts, the range is 0 to 4294967295 seconds. The default is 0, which means no timeout.

    utran-timeout set the GTP session timer for a session with RAT-type = UTRAN.

    geran-timeoutset the GTP session timer for a session with RAT-type = GERAN.

    wlan-timeout set the GTP session timer for a session with RAT-type = WLAN.

    gan-timeout set the GTP session timer for a session with RAT-type = GAN.

    hspa-timeout set the GTP session timer for a session with RAT-type = HSPA.

    eutran-timeout set the GTP session timer for a for a session with RAT-type = EUTRAN.

    virtual-timeout set the GTP session timer for a session with RAT-type = Virtual.

    nbiot-timeout set the GTP session timer for a session with RAT-type = NB-IOT.

    ltem-timeout set the GTP session timer for a session with RAT-type = LTEM.

    nr-timeout set the GTP session timer for a session with RAT-type = NR.

    Example

    The following example shows how to create two RAT type profiles and apply them to different GTP profiles.

    Create two RAT type profiles (the timeouts shown in the examples are not recommended times):

    config gtp rat-timeout-profile

    edit "rat-iot-1"

    set nbiot-timeout 60

    set ltem-timeout 600

    next

    edit "rat-nr-1"

    set nr-timeout 100

    end

    Then you can use the following option to add the RAT type profiles to GTP profiles.

    config fireall gtp

    edit GTP-protile-1

    set rat-timeout-profile "rat-iot-1"

    next

    edit GTP-profile-2

    set rat-timeout-profile "rat-nr-1"

    end

    When GTP-profile-1 is applied, a GTP session with RAT-type=NB-IOT will be released after 60 seconds. When GTP-profile-2 is used, a GTP session with RAT-type=NR will be released after 100 seconds.

    Previous
    Next